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7) Q Claim(s) is/are objected to. 
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Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)KI Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)Kl All b)Q Some * c)D None of: 

1 Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1 ) £3 Notice of References Cited (PTO-892) 4) O Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 ) O Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 060515 



Application/Control Number: 1 0/081 ,551 Page 2 

Art Unit: 2134 

DETAILED ACTION 

1 . The Amendment, and remarks therein, received on 06/21/2006 have been entered 
and carefully considered. 

2. The Amendment introduces a new limitation into the originally sole independent 
claim 1-10. The newly introduced limitation (as best understood) has required a new 
search and consideration of the pending claims. The new search has resulted in 
newly discovered prior art. New grounds of rejection based on the newly discovered 
prior art follow below. 

3. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior office action. 

Response to Amendment 

4. The applicant arguments have been carefully considered. 

5. Applicant did not address all of the disclosure objections cited in the previous Office 
Action. The non-addressed issues are reiterated in this Office Action. 

6. Applicant amended claims 1-10 in order to address lack of clarity. However, claims 
siiii comprise ianguage that is not understood (e.g. sending the password to said 
commercial service system, with respect to said terminal" , claim 1) and in particular 
claims 4 and 9 remain confusing at best. For example claim 4 recites: "when use of 
a commercial service system is requested from said terminal, said business system 
... compares the numerical value of a result in which said one-way function was 

.applied to the password sent from said terminal for the number of times said one- 
way function was applied to said password subtracted from the total number of times 
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said one-way function was applied to said final result, with the numerical value of 
said final result in said authentication information when login permission in said 
commercial service system is determined, and permits login if they match". 
It is not clear whether it is "the numerical value" or "a result" that refers to the phrase 
"in which said one-way function was applied to the password". It is also not clear 
whether "the one-way function was applied" to the password received or sent from a 
terminal, whether the numerical value was sent from the terminal, etc. 
For purposes of further examination the examiner exercises his best guess 
regarding the appropriate interpretation of the claim language and encourages 
applicant to recite the claim limitations using simpler language structure when 
clarifying/amending the claims. Applicant should pay particular attention to the 
current U.S. practice. For example, the method claims should comprise clearly 
defined method steps rather than being structured as a one long narrative limitation, 
similar to language of claim 4. The examiner acknowledges applicant attempts to 
distinguish different steps, in claim 9 for example. However, the length and 
confusing language suggests that several steps remain combined into a one step 
(e.g. "compare a result in which said one-way function was applied to the password 
sent from said terminal for number of times said one-way function was applied to the 
password subtracted from the total number of times the one-way funcjion was 
applied to said final result ...") 
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Similarly, applicant should be consistent. For example either the articles "said" or 
"the" should be used through out the claim language (e.g. "the numerical value", "the 
password" then " said one-way function", claim 4). 

Furthermore, claims 1 and 6 seem to be missing some limitations. For example, it is 
not clear whether it is a commercial service system, the business system or both 
that compare "the password with authentication information created prior to the 
authentication". 

Lastly, although applicant attempted to amend the claim language in order to clarify 
the intended meaning of the claimed invention, it appears that the amendments were 
applied to claims individually, with noattempt to clarify the relationship between 
dependent claims. For example, the amended claim 6 suggests, as best 
understood, that "the business system" returns the password to a user's terminal 
and that the business system sends the password to the commercial service system. 
The following dependent claim 9 recites: "allowing said business system to return a 
password and the number of times said one-way function was applied to the 
password to the terminal". Besides the fact that it is not clear what is the meaning of 
claim 9 limitations (e.g. should the phrase: "applies said one-way function by the 
business system to the password to said terminal" be treated as though the 
password created for the terminal applies a one-way function prior to returning to the 
terminal, or whether after the terminal receives the password the password at the 
terminal is accessed by the business system, which applies a one-way function to 
the password?) the examiner is not able to follow the password exchange recited in 
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claim 9 in light of exchange observed in claim 6. In particular, it is not clear whether 
claim 9 suggests that after returning the password to the terminal (as recited in claim 
6) a new password is "returned", this time with "the number of times said one-way 
function was applied to the password", whether claim 9 is intended to further limit the 
password exchange (return) between the business system and the terminal, or 
whether applicant intended limitation is a combination of both interpretations. 

7. As per applicant arguments towards Birrell et al., the newly amended and 
understood language resulted in newly discovered prior art. Thus, applicant's 
arguments towards Birrell et al. are moot. 

8. Claims 1-10 have been examined. 

Specification 

9. The disclosure is objected to because of the following informalities: 

a. The amended pg. 3 lines 2-3 recite: "used next is determined by inquiring 
a numerical value n that indicates how far the password was consumed ". 
The phrase: "how far the password was consumed" is not understood. 

b. The phrase: "the applicable number of times n is high" on pg. 6 line 25 is 
not understood. 



Claim Rejections - 35 USC § 112 

10. Claims 1-10 remain rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
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that applicant regards as the invention. See, the relevant discussion in Response to 
Amendment section, above. 

Claim Rejections - 35 USC § 103 

1 1. Claims 1 and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hokkanen (U.S. Patent No. 6993666). 

Hokkanen discloses selecting one password from a password list created prior to 
authentication, sending the password to said terminal, with respect to said business 
system that received the request for use (col. 2 lines 9-10), sending the password, 
with respect to said terminal (col. 2 lines 13-14), and comparing the password with 
authentication information created prior to the authentication; permitting login when 
they match (col. 2 lines 13-16), and invalidating said password (col. 2 lines 57 - col. 
3 line 3, col. 3 lines 40-43, col. 5 lines 24-27), wherein the authentication information 
includes a plurality of different passwords so that a plurality of users of the business 
system need only one authentication information to use the commercial system (col. 
5 lines 20-29 and Table 1). The authentication information disclosed by Hokkanen 
includes a plurality of different passwords so that a plurality of users of the business 
system need only one authentication information to use the commercial system (e.g. 
col. 4 line 56-col. 5 line 29). 

12. Although Hokkanen's invention discloses passwords generation and validation by 
the same entity, and fails to discus the variation wherein the password generated 
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and received from one system (a business system) is used by another system 
(logon into a commercial system), such a variation if not inherent, is at least obvious. 
Using only one entity to communicate with a plurality of clients is impractical 
because it limits the scalability of the overall system. In fact in the discussion of prior 
art Hokkanen explicitly acknowledges the well-known and implemented extension of 
an authentication system that utilizes plurality of elements (e.g. an additional party 
authorized by the service provider) helping with passwords distribution. Thus, if not 
inherent, it would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention not to limit Hokkannen's invention to only the commercial 
service system distributing generated passwords to users (that use the passwords to 
access and use the commercial service system) given the benefit of ensuring 
system's scalability. 

13. As per business system and commercial service system sending/receiving list of 
passwords, the synchronization of passwords between two systems is implicit. Not 
providing the authentication information by the first system (e.g. the business 
system) to another system (e.g, the commercial system) would defeat the purpose of 
the expended system functionality, since the password valid at one system would 
not be valid at the second system. 

14. Although it is clear that the authentication information in Hokkanen's invention 
includes a plurality of different passwords that are subjects to invalidation, Hokkanen 
does not explicitly disclose teach that the purpose of the plurality of different 
password is to meet needs of a plurality of users of the business system to only one 
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authentication information to use the commercial system. However, this limitation is 
nonfunctional descriptive limitation and do not alter a user authentication. Thus, this 
descriptive material will not distinguish the claimed invention from the prior art in 
terms of patentability, see In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 
(Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). 

15. Claims 2-5 and 7-10 are rejected under 35 U.S. C. 103(a) as being unpatentable 
over Hokkanen (U.S. Patent No. 6993666) in view of Lamport ("Password 
Authentication with Insecure Communication, Communications of the ACM, vol. 24 
Number 11, Nov. 1981). 

Hokkanen discloses the login authentication method as discussed above. 

16. As per claim 2-3, 7-8 Hokkanen does not disclose using a random number in 
password generation. 

However, practice to using random numbers in passwords generation is old and 
well-known, as illustrated by Lamport (e.g. "Implementation", pg. 771). It would 
have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to use a random number in a password generation given the benefit of 
increased security. 

Lamport discloses the limitations of claims 4-5 and 9-10 on pg. 770-771 (pg. 771 in 
particular). 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 
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Bosen (U.S. Patent No. 5060263), 
Rahman (U.S. Pub. No. 20020144128). 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571 ) 272- 
3840. The examiner can normally be reached Monday through Thursday from 9:00 
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jacques Louis Jacques can be reached on (571) 272-6962. The fax phone 
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number for the organization where this application or proceeding is assigned is (571 ) 



Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



273-8300. 
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